summaryrefslogtreecommitdiffhomepage
path: root/system.h
AgeCommit message (Collapse)Author
2020-09-12netifd: vxlan: add aging and maxaddress optionsJohannes Kimmel
For both options the values can just be passed to the kernel. All unsigned values are accepted, thus no range checking required. Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
2020-09-12netifd: vxlan: add most missing boolean optionsJohannes Kimmel
adds the folloing missing options: - learning - rsc - proxy - l2miss - l3miss - gbp See ip-link(3) for their meaning. still missing: - external - gpe I'm not sure how to handle them at the moment. It's unclear to me what IFLA_VXLAN_* value corresponds to the 'external' option and according to the manpage, gpe depends on it. Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
2020-09-12netifd: vxlan: handle srcport rangeJohannes Kimmel
This adds adds the ability to set the source port range for vxlan interfaces. By default vxlans will use a random port within the ephermal range as source ports for packets. This is done to aid scaleability within a datacenter. But with these defaults it's impossible to punch through NATs or traverese most stateful firewalls easily. One solution is to fix the srcport to the same as dstport. If only srcportmin is specified, then srcportmax is set in a way that outgoing packets will only use srcportmin. If a range is to be specified, srcportmin and srcportmax have to be specified. srcportmax is exclusive. If only srcportmax is specified, the value is ignored and defaults are used. Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
2020-07-18bridge: add support for adding vlans to a bridgeJohn Crispin
Add a rtnl helper for adding vlans to a bridge interface. Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-07-18bridge: add support for turning on vlan_filteringJohn Crispin
If we want a bridge to be vlan aware we need to be able to turn on filtering. Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-05-21vlandev: support setting ingress/egress QoS mappingsPau Espin Pedrol
It allows setting mappings for instance this way: """ config device option name 'vlan41' option type '8021q' option vid '41' option ifname 'eth1' list ingress_qos_mapping '1:2' list ingress_qos_mapping '2:5' list egress_qos_mapping '0:3' """ Signed-off-by: Pau Espin Pedrol <pespin.shar@gmail.com> Tested-by: Pedro <pedrowrt@cas.cat>
2020-04-14interface, system: clean up netns functionalityDaniel Golle
Use struct device pointer as parameter instead of bare ifname allows for some simplication and again removing system_ifname_resolve() function introduced in commit d93126d. Fixes: d93126d ("interface: allow renaming interface when moving to jail netns") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14interface: allow renaming interface when moving to jail netnsDaniel Golle
Introduce jail_ifname option to define the name of a Linux network interface when moved into a jail's network namespace. This is useful for containers which expect the network interface to have a specific name (eg. 'host0' in case of systemd). While at it, clean-up and fix bugs in jail interface up/down routines. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-18add basic support for jail network namespacesDaniel Golle
Prepare netifd for handling procd service jails having their own network namespace. Intefaces having the jail attribute will only be brought inside the jail's network namespace by procd calling the newly introduced ubus method 'netns_updown'. Currently proto 'static' is supported and configuration changes are not yet being handled (ie. you'll have to restart the jailed service for changes to take effect). Example /etc/config/network snippet: config device 'veth0' option type 'veth' option name 'vhost0' option peer_name 'virt0' config interface 'virt' option type 'bridge' list ifname 'vhost0' option proto 'static' option ipaddr '10.0.0.1' option netmask '255.255.255.0' config interface 'virt0' option ifname 'virt0' option proto 'static' option ipaddr '10.0.0.2' option netmask '255.255.255.0' option gateway '10.0.0.1' option dns '10.0.0.1' option jail 'transmission' Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-06-08netifd: add xfrm tunnel interface supportAndré Valentin
This adds support for xfrm interfaces. These interfaces can be used since linux 4.19 for IPsec traffic, like VTI interface. XFRM interfaces are less complicated compared to VTI because they need no IP tunnel endpoints.
2019-04-15interface: add neighbor config supportmeurisa
The neighbor or neighbor6 network section makes neighbours configurable via UCI or proto shell handlers. It allows to install neighbor proxy entries or static neighbor entries The neighbor or neighbor6 section has the following types: interface : declares the logical OpenWrt interface ipaddr : the ip address of the neighbor mac : the mac address of the neighbor proxy : specifies whether the neighbor ia a proxy entry (can be 1 or 0) router : specifies whether the neighbor is a router (can be 1 or 0) Signed-off-by: Alexander Meuris <meurisalexander@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-10-17system-linux: enable by default ignore encaplimit for grev6 tunnelsHans Dedecker
Similar as for ip6 tunnels ignore encaplimit by default as not all ISPs support the destination option header containing the tunnel encapsulation limit resulting into broken connectivity Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-05-30system-linux: make encaplimit configurable for ip6 tunnels (FS#1501)Hans Dedecker
Make encapsulation limit of IP6 tunnels configurable for the ds-lite/map proto shell handlers as not all ISPs support the destination option header containing the tunnel encapsulation limit value as reported in FS#1501. The IP6 tunnel specific setting encaplimit is parsed as a nested json data object; setting it to ignore disables the insertion of the destination option header while a value from 0 till 255 sets the tunnel encapsulation limit accordingly in the destination option header. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-24system-linux: VXLAN: add options to enable and disable UDP checksumsMatthias Schiffer
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-08-29system-linux: parse map-e fmrs parameters as nested data json objectHans Dedecker
Parse map-e fmrs parameters IPv6 prefix, IPv4 prefix, ealen and offset as array elements nested in a data json object. At the same time remove the now obsolete TUNNEL_ATTR_FMRS tunnel attribute. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-08-21system: remove unused 6rd tunnel attributesHans Dedecker
Commit 7573880ac042c6e5c8d48b1ad83d357b5e02743b added support for 6rd attributes as a nested json data object which makes the attributes TUNNEL_ATTR_6RD_PREFIX and TUNNEL_ATTR_6RD_RELAY_PREFIX unused Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-06-26netifd: Fix printf calls + function declarations.Rosen Penev
cppcheck found printf functions with signed instead of unsigned formats. Fix those as well as some non-matching function declarations. Signed-off by: Rosen Penev <rosenp@gmail.com>
2017-05-22system-linux: parse 6rd specific settings as nested json data objectHans Dedecker
Parse 6rd specific settings prefix, relay-prefix as nested json data objects. At the same time improve 6rd error handling. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-03-21system-linux: parse vti specific settings as nested json data objectHans Dedecker
Parse vti specific settings ikey and okey as nested json data object. At the same time remove the now obsolete TUNNEL_ATTR_INFO attribute. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-03-21system-linux: parse gre specific settings as nested json data objectHans Dedecker
Parse gre specific settings ikey, okey, icsum, ocsum, iseqno and oseqno as nested json data object Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-03-07system-linux: add VXLAN supportMatthias Schiffer
VXLAN shares many attributes with the tunnel devices, so it is implemented as a new tunnel type. The 'remote' attribute can be used for an unicast peer or a multicast group. The IANA-assigned port 4789 is used by default, instead of the non-standard port Linux defaults to. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-11device: add veth supportMatthias Schiffer
The veth config code mostly handles the primary interface of a veth pair, the secondary interface is not explicitly referenced and will be found as an unrelated interface after the pair has been created. This doesn't only allow us to keep the veth code simple (and similar to existing device handlers), but will also avoid complicating handling unnecessarily in case the secondary interface is moved into another network namespace. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-31treewide: fix white space errorsHans Dedecker
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-25interface-ip: route proto config support (FS#170)Hans Dedecker
Route proto support is usefull when using route distribution via a routing daemon. The route proto parameter can be specified via the route proto uci config parameter, it can hold a numerical value or the string values unspec, kernel, boot, static or a string present in /etc/iproute2/rt_protos. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-03-07bridge: multicast: Export some parameters RFCs suggest to be tunableLinus Lüssing
RFCs suggest some parameters of IGMP and MLD to be configurable by the administrator. With this patch the following parameters are configurable: * robustness (default: 2) * query_interval (default: 12500 [125s]) * query_response_interval (default: 1000 [10s]) * last_member_interval (default: 100 [1s]) Depending on the size and nature of the network topology administrators might want to increase or decrease these parameters. netifd will take care of configuring any other parameters which are dependant on the ones above and set them according to the formulas provided in the RFCs. These parameters of the bridge are membership_interval, querier_interval, startup_query_interval, startup_query_count and last_member_count. RFCs allow setting three more parameters to be configurable: startup_query_interval, startup_query_count and last_member_count. However this patch does not export them, as they can be indirectly tuned via the given, exported four parameters, too. Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
2016-01-09system: mark tunnel_attr_list as externFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2015-11-17device: fetch settings from external devices to make them usable for status ↵Felix Fietkau
output Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2015-05-27bridge: allow setting hash_max valueLinus Lüssing
If the number of entries in the MDB exceeds hash_max then the multicast snooping capabilities of the bridge are disabled automatically. The default value for hash_max is 512 which is already exceeded by some wireless community mesh networks. They need to be able to set a higher value. Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
2015-05-23system: fix typo in returning address length.Yousong Zhou
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2015-03-23bridge: allow enabling or disabling the multicast querier independently of ↵Matthias Schiffer
IGMP snooping In larger networks, especially big batman-adv meshes, it may be desirable to enable IGMP snooping on every bridge without enabling the multicast querier to specifically put the querier on a well-connected node. This patch adds a new UCI option 'multicast_querier' for bridges which allows this. The default is still the value of the 'igmp_snooping' option to maintain backwards compatiblity. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2014-12-23netifd: Add mldversion config supportSteven Barth
Config support to set the MLD host version on device level; possible values are : 1 : MLDv1 2 : MLDv2 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Cleaned up and simplified. Signed-off-by: Steven Barth <steven@midlink.org>
2014-12-08netifd: Add igmpversion config supportHans Dedecker
Config support to set the IGMP host version on device level; possible values are : 1 : IGMPv1 2 : IGMPv2 3 : IGMPv3 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Cleand up and simplified Signed-off-by: Steven Barth <steven@midlink.org>
2014-11-19netifd: Add rpfilter config supportHans Dedecker
Reverse path filtering config support; possible values are: 0: no source validation 1|strict: strict mode as packet will be dropped if the incoming interface is not the best reverse path 2|loose: loose mode as packet will be dropped if the source address is not reachable via any interface Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2014-11-19netifd: Fix device ifindex overwrite when processing netlink event messagesHans Dedecker
When a device with the same name is deleted and created again in the kernel the ifindex changes. A race condition will occur when netlink event messages linked to the old device are processed and will thus overwrite the correct ifindex of the new device. Further make sure a valid ifindex is in place for both external and internal devices when setting the state to enabled. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2014-09-29netifd: GRE Tos supportHans Dedecker
Tos support is added as a generic gre parameter which can have the following values : -inherit (outer header inherits the tos value of the inner header) -hex value Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2014-07-30netifd: GRE tunnel supportHans Dedecker
Adds support for gre, gretap, grev6 and grev6tap tunnels Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2014-06-20system: fix treatment of RT_TABLE_MAINSteven Barth
Do not treat RT_TABLE_MAIN as RT_TABLE_UNSPEC in system_resolve_rt_table() in order to allow ip rules with lookup main to work as expected. Provide a new function system_is_default_rt_table() to allow calling code to specifically test for RT_TABLE_MAIN, this is going to be needed for the backwards compatible handling of the table attribute in route objects. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2014-06-18netifd: Route type supportHans Dedecker
Patch adds route type support in netifd by means of the route parameter type. By default the route type was unicast; the parameter adss support for local/broadcast/multicast/unicast routes which will be put into the appropriate routing table. If route type parameter is unset the route type will be unicast as before. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2014-06-11Add vlan 802.1q/802.1ad support as netifd devicesGioacchino Mazzurco
At moment netifd supports just 802.1q vlan, you can configure them using a concise but "hacky" syntax using an interface config section, with this patch netifd acquire the capability of configuring 802.1ad and 802.1q vlan using config device sections, so you can define a vlan device plus interface with something like this: config device 'test' option type '8021ad' option name 'test' option ifname 'eth0' option vid '1000' config interface 'testif' option ifname 'test' option proto 'none' option auto '1' old syntax for 802.1q keeps working so no retrocompatibility problems, to keep retrocompatibility means also that user must not use name/ifname like eth0.2 for devices declared with the new style because this would trigger the "old style" when interface config section is parsed Signed-off-by: Gioacchino Mazzurco <gmazzurco89@gmail.com>
2014-05-21Rewrite ipip6-tunnel setup to use netlink and add support for FMRsSteven Barth
Signed-off-by: Steven Barth <steven@midlink.org>
2014-03-11netifd: Fix bridge MTU setting when a bridge member is addedHans Dedecker
Reapply bridge mtu setting as adding a bridge member will override the bridge mtu in the kernel Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2013-12-08Tunnel don't fragment bit configurableHans Dedecker
Make tunnel don't fragment bit configurable via UCI Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2013-12-08netifd: Apply tunnel MTUHans Dedecker
Tunnel MTU is applied according to the tunnel MTU UCI parameter Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2013-10-03device: add macvlan supportFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2013-07-13bridge: add bridge_empty option which allows creation of empty bridgesLuka Perkov
Signed-off-by: Luka Perkov <luka@openwrt.org>
2013-06-10config: use the new uci_blob library codeFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-05-13Add support for IP in IPv6 tunnels (DS-Lite)Steven Barth
Signed-off-by: Steven Barth <steven@midlink.org>
2013-04-23set default bridge priority to 0x7FFFJo-Philipp Wich
2013-04-23add bridge priority optionNiels Boehm
[netifd] add bridge priority option Using the bridge priority (lower numbers are higher in the hierarchy), one can ensure that the router is chosen as root bridge in a setup with spanning tree protocol. For instance, one can set the priority of network lan to 32767, causing the router to win over all directly and indirectly connected nodes that have a default priority of 32768. The reason for doing that is that otherwise it has a default priority 32768 as well and any other connected node could win and get root bridge. In a home setup, those nodes are often desktop or laptop boxes and get switched off from time to time. As a consequence, root bridges vanish or new root bridges get chosen relatively often, resulting in frequent topology changes to the STP network. While the new topology has not settled, packets can get lost, causing noticeable interruptions of network traffic. Setting the router's bridge on a lower numbered priority (and thus higher in the selection hierarchy) solves the problem in the vast majority of the cases by ensuring that the device that is most likely powered on 24/7 gets chosen as root and prevents topology changes. Signed-off-by: Niels Boehm <blubberdiblub@gmail.com>
2013-04-04Add support for ip rulesJo-Philipp Wich